version: '3.3'
services:
######## Datenbank ########
  nextcloud-db:
    image: "mariadb:10.6.15@sha256:e22328f4d7147c2488d0e104277861be14321b3e39e91df4d90cc9a8aee9c362"
    container_name: nextcloud-db
    command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - db:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_root_password', 'password') }}"
      MYSQL_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}"
      MYSQL_DATABASE: nextcloud
      MYSQL_USER: nextcloud
      MYSQL_INITDB_SKIP_TZINFO: 1
    networks:
      - intern
    labels:
      com.centurylinklabs.watchtower.enable: true

  # Error
  ## [ERROR] Incorrect definition of table mysql.column_stats: expected column 'histogram' at position 10 to have type longblob, found type varbinary(255).
  ## [ERROR] Incorrect definition of table mysql.column_stats: expected column 'hist_type' at position 9 to have type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB'), found type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB').
  # Fix
  ## docker exec nextcloud-db mysql nextcloud -p<MySQL-Root-Pw> -e "ALTER TABLE mysql.column_stats MODIFY histogram longblob;"
  ## docker exec nextcloud-db mysql nextcloud -p<MySQL-Root-Pw> -e "ALTER TABLE mysql.column_stats MODIFY hist_type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB');"

######## Redis ########
  nextcloud-redis:
    image: "redis:7.0.15@sha256:5372f3076d8e9822ce6ab55f3336b3b0f05c2d6ea927522669b83e10e91d9205"
    container_name: nextcloud-redis
    hostname: nextcloud-redis
    networks:
      - intern
    restart: unless-stopped
    command: "redis-server --requirepass {{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}"
    labels:
      com.centurylinklabs.watchtower.enable: true

######## cron ########
  nextcloud-cron:
    container_name: nextcloud-cron
    image: "registry.mgrote.net/nextcloud-cronjob:master@sha256:9836e31f1cfed9e60c16d4f5926a8ca89a184e431d0b2ed7ebf4a21706560ec2"
    restart: unless-stopped
    network_mode: none
    depends_on:
      - nextcloud-app
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      NEXTCLOUD_CONTAINER_NAME: nextcloud-app
      NEXTCLOUD_CRON_MINUTE_INTERVAL: 1
    labels:
      com.centurylinklabs.watchtower.enable: true

######## Nextcloud ########
  nextcloud-app:
    image: "nextcloud:27.1.5@sha256:4fdf4eefe53da7677749d8efeff6bc697da753dd3ce37843385d10498ace5ffe"
    container_name: nextcloud-app
    restart: unless-stopped
    depends_on:
      - nextcloud-db
      - nextcloud-redis
    environment:
        REDIS_HOST: nextcloud-redis
        REDIS_HOST_PASSWORD: "{{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}"
        MYSQL_DATABASE: nextcloud
        MYSQL_USER: nextcloud
        MYSQL_PASSWORD: "{{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}"
        MYSQL_HOST: nextcloud-db
        NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net"
        SMTP_HOST: mail-relay
        #SMTP_SECURE: tls
        SMTP_PORT: 25
        #SMTP_AUTHTYPE: LOGIN
        SMTP_NAME: info@mgrote.net
        #SMTP_PASSWORD: "{{ lookup('keepass', 'strato_smtp_password', 'password') }}"
        MAIL_FROM_ADDRESS: info@mgrote.net
        PHP_MEMORY_LIMIT: 1024M
        PHP_UPLOAD_LIMIT: 10G
        APACHE_DISABLE_REWRITE_IP: 1
        TRUSTED_PROXIES: "192.168.48.0/24" # Subnetz in dem sich traefik befindet
    volumes:
      - app:/var/www/html
      - data:/var/www/html/data
    networks:
      - intern
      - traefik
      - mail-relay
    labels:
      com.centurylinklabs.watchtower.enable: true
      com.centurylinklabs.watchtower.depends-on: nextcloud-redis,nextcloud-db

      traefik.http.routers.nextcloud.rule: Host(`nextcloud.mgrote.net`)
      traefik.enable: true
      traefik.http.routers.nextcloud.tls: true
      traefik.http.routers.nextcloud.tls.certresolver: resolver_letsencrypt
      traefik.http.routers.nextcloud.entrypoints: entry_https
      traefik.http.services.nextcloud.loadbalancer.server.port: 80

      traefik.http.middlewares.nextcloud-webdav.replacepathregex.regex: "^/.well-known/ca(l|rd)dav"
      traefik.http.middlewares.nextcloud-webdav.replacepathregex.replacement: "/remote.php/dav/"

      traefik.http.middlewares.nextcloud-hsts.headers.stsincludesubdomains: false
      traefik.http.middlewares.nextcloud-hsts.headers.stspreload: true
      traefik.http.middlewares.nextcloud-hsts.headers.stsseconds: 15552001
      traefik.http.middlewares.nextcloud-hsts.headers.isdevelopment: false

      traefik.http.routers.nextcloud.middlewares: nextcloud-hsts,nextcloud-webdav

######## Networks ########
networks:
  intern:
    driver: bridge
  traefik:
    external: true
  mail-relay:
    external: true
######## Volumes ########
volumes:
  db:
  app:
  data:

######## Doku ########
# Telefonregion
# docker exec --user www-data nextcloud-app php occ config:system:set default_phone_region --value="DE"
# https://help.nextcloud.com/t/nextcloud-wont-load-any-mixed-content/13565/3
# docker exec --user www-data nextcloud-app php occ config:system:set overwriteprotocol --value="https"
# docker exec --user www-data nextcloud-app php occ config:system:set overwrite.cli.url --value="http://nextcloud.mgrote.net"